Skip to content

Commit

Permalink
feat(macos): add team_id option for apple notarization (#52)
Browse files Browse the repository at this point in the history 
* feat(macos): add team_id option for apple notarization
Port of tauri-apps/tauri#7775

Co-authored-by: Trey Smith <[email protected]>
Co-authored-by: Lucas Nogueira <[email protected]>

* fix(macos): fix notraytool's apple-id option name
Port of tauri-apps/tauri#7934

Co-authored-by: Jason Tsai <[email protected]>
Co-authored-by: Lucas Fernandes Nogueira <[email protected]>

* fix(macos): team ID is now required for notarytool via app password
Port of tauri-apps/tauri#7972

Co-authored-by: Lucas Fernandes Nogueira <[email protected]>

* refactor: remove Error::MissingNotarizeAuthTeamId

Co-authored-by: Lucas Nogueira <[email protected]>

---------

Co-authored-by: Trey Smith <[email protected]>
Co-authored-by: Lucas Nogueira <[email protected]>
Co-authored-by: Jason Tsai <[email protected]>
Co-authored-by: Lucas Nogueira <[email protected]>
  • Loading branch information
@jason-crabnebula @tr3ysmith
@lucasfernog @pewsheen @lucasfernog-crabnebula
5 people authored Oct 23, 2023
1 parent 65b8c20 commit 6ed1312
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 49 deletions.
5 changes: 5 additions & 0 deletions .changes/mac-notarytool-team-id.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
"cargo-packager": minor
---

Read the `APPLE_TEAM_ID` environment variable for macOS notarization arguments.
86 changes: 38 additions & 48 deletions crates/packager/src/codesign/macos.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -348,13 +348,14 @@ fn staple_app(app_bundle_path: PathBuf) -> crate::Result<()> {
#[derive(Debug)]
pub enum NotarizeAuth {
AppleId {
apple_id: String,
password: String,
apple_id: OsString,
password: OsString,
team_id: OsString,
},
ApiKey {
key: String,
key: OsString,
key_path: PathBuf,
issuer: String,
issuer: OsString,
},
}

Expand All @@ -365,11 +366,20 @@ pub trait NotarytoolCmdExt {
impl NotarytoolCmdExt for Command {
fn notarytool_args(&mut self, auth: &NotarizeAuth) -> &mut Self {
match auth {
NotarizeAuth::AppleId { apple_id, password } => self
.arg("--apple-id")
.arg(apple_id)
.arg("--password")
.arg(password),
NotarizeAuth::AppleId {
apple_id,
password,
team_id,
} => {
self.arg("--apple-id")
.arg(apple_id)
.arg("--password")
.arg(password)
.arg("--team-id")
.arg(team_id);

self
}
NotarizeAuth::ApiKey {
key,
key_path,
Expand All @@ -390,50 +400,28 @@ pub fn notarize_auth() -> crate::Result<NotarizeAuth> {
match (
std::env::var_os("APPLE_ID"),
std::env::var_os("APPLE_PASSWORD"),
std::env::var_os("APPLE_TEAM_ID"),
) {
(Some(apple_id), Some(apple_password)) => {
let apple_id = apple_id
.to_str()
.expect("failed to convert APPLE_ID to string")
.to_string();
let password = apple_password
.to_str()
.expect("failed to convert APPLE_PASSWORD to string")
.to_string();
Ok(NotarizeAuth::AppleId { apple_id, password })
}
(Some(apple_id), Some(password), Some(team_id)) => Ok(NotarizeAuth::AppleId {
apple_id,
password,
team_id,
}),
_ => {
match (
std::env::var_os("APPLE_API_KEY"),
std::env::var_os("APPLE_API_ISSUER"),
std::env::var("APPLE_API_KEY_PATH"),
) {
(Some(api_key), Some(api_issuer), Ok(key_path)) => {
let key = api_key
.to_str()
.expect("failed to convert APPLE_API_KEY to string")
.to_string();
let issuer = api_issuer
.to_str()
.expect("failed to convert APPLE_API_ISSUER to string")
.to_string();
Ok(NotarizeAuth::ApiKey {
key,
key_path: key_path.into(),
issuer,
})
}
(Some(api_key), Some(api_issuer), Err(_)) => {
let key = api_key
.to_str()
.expect("failed to convert APPLE_API_KEY to string")
.to_string();
let issuer = api_issuer
.to_str()
.expect("failed to convert APPLE_API_ISSUER to string")
.to_string();

let api_key_file_name = format!("AuthKey_{key}.p8");
(Some(key), Some(issuer), Ok(key_path)) => Ok(NotarizeAuth::ApiKey {
key,
key_path: key_path.into(),
issuer,
}),
(Some(key), Some(issuer), Err(_)) => {
let mut api_key_file_name = OsString::from("AuthKey_");
api_key_file_name.push(&key);
api_key_file_name.push(".p8");
let mut key_path = None;

let mut search_paths = vec!["./private_keys".into()];
Expand All @@ -458,7 +446,9 @@ pub fn notarize_auth() -> crate::Result<NotarizeAuth> {
})
} else {
Err(Error::ApiKeyMissing {
filename: api_key_file_name,
filename: api_key_file_name
.into_string()
.expect("failed to convert api_key_file_name to string"),
})
}
}
Expand All @@ -468,7 +458,7 @@ pub fn notarize_auth() -> crate::Result<NotarizeAuth> {
}
}

fn find_api_key(folder: PathBuf, file_name: &str) -> Option<PathBuf> {
fn find_api_key(folder: PathBuf, file_name: &OsString) -> Option<PathBuf> {
let path = folder.join(file_name);
if path.exists() {
Some(path)
Expand Down
2 changes: 1 addition & 1 deletion crates/packager/src/error.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ pub enum Error {
filename: String,
},
/// Missing notarize environment variables.
#[error("Could not find APPLE_ID & APPLE_PASSWORD or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found")]
#[error("Could not find APPLE_ID & APPLE_PASSWORD & APPLE_TEAM_ID or APPLE_API_KEY & APPLE_API_ISSUER & APPLE_API_KEY_PATH environment variables found")]
MissingNotarizeAuthVars,
/// Failed to list keychains
#[error("Failed to list keychains: {0}")]
Expand Down

0 comments on commit 6ed1312

Please sign in to comment.